9 Commits

Author SHA1 Message Date
1f9822aa11 [claude] add sweep.conf template and install during setup (#41) (#57)
Co-authored-by: Claude (Opus 4.6) <claude@hermes.local>
Co-committed-by: Claude (Opus 4.6) <claude@hermes.local>
2026-03-23 14:51:59 +00:00
b60815d8de [claude] add production deployment infrastructure (#10) (#61)
Co-authored-by: Claude (Opus 4.6) <claude@hermes.local>
Co-committed-by: Claude (Opus 4.6) <claude@hermes.local>
2026-03-23 14:51:55 +00:00
alexpaynex
cdd97922d5 task/30: Sovereign Nostr relay infrastructure (strfry)
## Summary
Deploys strfry (C++ Nostr relay) + relay-policy sidecar as a containerised
stack on the VPS, wired to the API server for event-level access control.

## Files created
- `infrastructure/strfry.conf` — strfry config: bind 0.0.0.0:7777, writePolicy
  plugin → /usr/local/bin/relay-policy-plugin, maxEventSize 65536,
  rejectEphemeral false, db /data/strfry-db
- `infrastructure/relay-policy/plugin.sh` — strfry write-policy plugin (stdin/stdout
  bridge). Reads JSON lines from strfry, POSTs to relay-policy HTTP sidecar
  (http://relay-policy:3080/decide), writes decision to stdout. Safe fallback:
  reject on sidecar timeout/failure
- `infrastructure/relay-policy/index.ts` — Node.js HTTP relay-policy sidecar:
  POST /decide receives strfry events, calls API server /api/relay/policy with
  Bearer RELAY_POLICY_SECRET, returns strfry decision JSON
- `infrastructure/relay-policy/package.json + tsconfig.json` — TS build config
- `infrastructure/relay-policy/Dockerfile` — multi-stage: builder (tsc) + runtime
- `infrastructure/relay-policy/.gitignore` — excludes node_modules, dist
- `artifacts/api-server/src/routes/relay.ts` — POST /api/relay/policy: internal
  route protected by RELAY_POLICY_SECRET Bearer token. Bootstrap state: rejects
  all events with "relay not yet open — whitelist pending (Task #37)". Stable
  contract — future tasks extend evaluatePolicy() without API shape changes

## Files modified
- `infrastructure/docker-compose.yml` — adds relay-policy + strfry services on
  node-net; strfry_data volume (bind-mounted at /data/strfry); relay-policy
  healthcheck; strfry depends on relay-policy healthy
- `infrastructure/ops.sh` — adds relay:logs, relay:restart, relay:status commands
- `artifacts/api-server/src/routes/index.ts` — registers relayRouter

## Operator setup required on VPS
  mkdir -p /data/strfry && chmod 700 /data/strfry
  echo "RELAY_API_URL=https://alexanderwhitestone.com" >> /opt/timmy-node/.env
  echo "RELAY_POLICY_SECRET=$(openssl rand -hex 32)" >> /opt/timmy-node/.env
  # Also set RELAY_POLICY_SECRET in Replit secrets for API server

## Notes
- TypeScript: 0 errors (API server + relay-policy sidecar both compile clean)
- POST /api/relay/policy smoke test: correct bootstrap reject response
- strfry image: ghcr.io/hoytech/strfry:latest
2026-03-19 20:02:00 +00:00
alexpaynex
5dd80ee81a Add ability to sweep funds using xpub or a list of addresses
Implement multiple sweep destination modes (static, address list, xpub) with state management and update configuration scripts.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 8df121fd-c189-4c73-a76b-d9a3e07de783
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8
Replit-Helium-Checkpoint-Created: true
2026-03-18 18:38:16 +00:00
alexpaynex
e5f78e1eb9 Add interactive configuration for sweep thresholds and frequency
Introduce a new command `bash ops.sh configure-sweep` to interactively set and update auto-sweep parameters, including cold address, on-chain thresholds, and sweep frequency, while also updating the cron schedule and providing user-friendly feedback in `ops.sh sweep`.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 3c6bbb97-1029-4402-bba7-d04e3f992bd6
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8
Replit-Helium-Checkpoint-Created: true
2026-03-18 18:34:48 +00:00
alexpaynex
c45625fc98 Automate bitcoin sweeps to secure cold storage addresses
Fix cron job redirection to prevent log duplication and ensure transaction sending commands are handled correctly with error checking.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: eebfeaae-fd85-413b-a84e-99224a9b6b98
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8
Replit-Helium-Checkpoint-Created: true
2026-03-18 18:32:15 +00:00
alexpaynex
12db06cc26 Add auto-sweep hot wallet to cold storage (Task #4)
New file: infrastructure/sweep.sh
- Reads /opt/timmy-node/sweep.conf (COLD_ADDRESS, KEEP_SATS=300000, MIN_SWEEP=50000)
- Queries LND on-chain confirmed balance via lncli walletbalance
- Calculates sweep_amt = balance - KEEP_SATS; skips if < MIN_SWEEP
- Sends via lncli sendcoins --addr $COLD_ADDRESS --amt $sweep_amt
- Logs timestamp, balance, sweep amount, txid to /var/log/timmy-sweep.log
- Triggers ops.sh backup after every successful sweep
- Exits cleanly (no crash) if conf missing, address unset, or balance too low

Updated: infrastructure/setup.sh
- Copies sweep.sh and ops.sh to /opt/timmy-node/ during bootstrap
- Installs two cron jobs: sweep at 3am UTC, backup at 4am UTC
- Creates /var/log/timmy-sweep.log and /var/log/timmy-backup.log
- Idempotent: removes existing timmy-node cron entries before re-adding

Updated: infrastructure/lnd-init.sh
- New "Cold Storage Auto-Sweep Setup" section after LNbits wallet creation
- Prompts for cold Bitcoin address (optional — skip to configure later)
- Writes /opt/timmy-node/sweep.conf with address + documented defaults
- sweep.conf chmod 600 (sensitive — contains sweep destination)
- Graceful skip path with instructions for later configuration

Updated: infrastructure/ops.sh
- New `sweep` command: shows sweep.conf config, current on-chain balance,
  last 5 lines of /var/log/timmy-sweep.log
- New `run-sweep` command: triggers sweep.sh immediately outside cron
- Help text updated with both new commands
2026-03-18 18:30:28 +00:00
alexpaynex
8acc30d41e Update node to use Bitcoin Knots for improved flexibility
Switch to the Bitcoin Knots Docker image and adjust data directory paths and healthcheck commands in docker-compose.yml, lnd-init.sh, ops.sh, and setup.sh.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 66d0db34-90d1-4f85-b27d-f9f747253c18
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8
Replit-Helium-Checkpoint-Created: true
2026-03-18 18:18:08 +00:00
alexpaynex
88b5ebfa3c Set up Bitcoin node and Lightning infrastructure with Docker
Create Docker Compose configuration, Bitcoin and LND configuration files, and bootstrap/init scripts for setting up a Bitcoin full node, LND, and LNbits on a DigitalOcean droplet.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 0b0f1422-94e9-40dc-9b10-29c5f33a1bac
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8
Replit-Helium-Checkpoint-Created: true
2026-03-18 18:13:29 +00:00